Windows 7 802.1x via Wired port on RAP109

I am using a 3400 with a RAP109. I have setup the wireless using 802.1x auth however I am having an issue setting this up with wired 802.1x

I have followed the RAP Network setup guide step-by-step using the RAP in split-tunnel mode, with the same NPS as wireless. However 802.1x never authenticates. The port is set as untrusted, the 802.1X Authentication Profile has Termination with eap-peap and eap-mschapv2

The user always get initial role of ‘denyall’, testing by setting this to ‘authenticated’ works. I am using the same 802.1X Authentication Default Role as the wireless profile

On the radius server I have setup a new Connection Request Policy with NAS Port Type (VPN or Ethernet) using Microsoft PEAP with MS-CHAP-v2. Also Network Policy with NAS Port Type (VPN or Ethernet) with Domain Computers or Domain Users.

Re: Windows 7 802.1x via Wired port on RAP109

‎11-11-201307:19 PM

It looks like you have mac authentication enabled on that connection (a mac authentication profile attached to the AAA profile). If mac authentication fails, the authentication does not go any further, and that is why you would see nothing on the NPS:

You either need to (1) Turn off Mac authentication by changing the mac authentication profile on the aaa profile to N/A or enable l2 faithrough on the AAA profile, which will allow 802.1x to continue, even though mac authentication fails.